<?php
	require 'Session.php';
	Session::start();
	include('config.php');
	
	if(trim($_POST["username"]) != "" && trim($_POST["password"]) != ""){
		$usuario = strtolower(htmlentities($_POST["username"], ENT_QUOTES)); 
		$password = $_POST["password"];
	
		$result = mysql_query('SELECT password, username,id_plantel FROM usuario WHERE username=\''.$usuario.'\'');
		if($row	= mysql_fetch_array($result)){
			if($row["password"] == $password){
				$id_plantel=$row["id_plantel"];
				$another=mysql_query('SELECT usuario.id AS id_usuario,usuario.nombre,usuario.apellido_paterno,usuario.apellido_materno,usuario.tipo,plantel.nombre_plantel,plantel.localidad,plantel.id FROM usuario,plantel WHERE username=\''.$usuario.'\' AND plantel.id=\''.$id_plantel.'\'');
				$user_array=mysql_fetch_array($another);
				if($user_array['tipo']==0){
					Session::set("cobach_admin",$user_array);
					//$_SESSION["cobach_admin"] = $user_array;
?>
					<script language="javascript">
						location.href = "principal_admin.php";
					</script>
<?php
				}else{
					Session::set("cobach_user",$user_array);
					//$_SESSION["cobach_user"] = $user_array;
?>					
					<script language="javascript">
						location.href = "principal.php";
					</script>
<?php
				}
			}else{
?>
			<script language="javascript">
				alert('Contrase\u00f1a incorrecta');
				location.href = "../login.php";
            </script>
<?php			}
		}else{
?>
			<script language="javascript">
				alert('El usuario no existe en la base de datos');
				location.href = "../login.php";
            </script>
<?php		}
		mysql_free_result($result);
	}else{
?>
			<script language="javascript">
				alert('Debes ingresar usuario y contrase\u00f1a');
				location.href = "../login.php";
            </script>
<?php
	}
	mysql_close();
?>